npm - claude-code-workflow - Versions diffs - 7.2.20 → 7.2.22 - Mend

claude-code-workflow 7.2.20 → 7.2.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/.codex/skills/team-quality-assurance/SKILL.md CHANGED Viewed

@@ -47,6 +47,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `QA`

package/.codex/skills/team-quality-assurance/roles/coordinator/role.md CHANGED Viewed

@@ -2,6 +2,25 @@
 Orchestrate team-quality-assurance: analyze -> dispatch -> spawn -> monitor -> report.
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+WRONG: Bash("npm test"), Bash("tsc"), etc.           — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Parse requirements -> Mode selection -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -16,6 +35,7 @@ Orchestrate team-quality-assurance: analyze -> dispatch -> spawn -> monitor -> r
 - Maintain session state
 - Handle GC loop (generator-executor coverage cycles)
 - Execute completion action when pipeline finishes
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Read source code or explore codebase (delegate to workers)
@@ -23,6 +43,7 @@ Orchestrate team-quality-assurance: analyze -> dispatch -> spawn -> monitor -> r
 - Modify test files or source code
 - Spawn workers with general-purpose agent (MUST use team-worker)
 - Generate more than 6 worker roles
+- Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:

package/.codex/skills/team-review/SKILL.md CHANGED Viewed

@@ -45,6 +45,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `RV`

package/.codex/skills/team-review/roles/coordinator/role.md CHANGED Viewed

@@ -2,6 +2,25 @@
 Orchestrate team-review: parse target -> detect mode -> dispatch task chain -> monitor -> report.
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Bash("semgrep/eslint/tsc ...")                — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Target parsing, mode detection, task creation/dispatch, stage monitoring, result aggregation
@@ -16,6 +35,7 @@ Orchestrate team-review: parse target -> detect mode -> dispatch task chain -> m
 - Monitor progress via wait_agent and process results
 - Maintain session state (tasks.json)
 - Execute completion action when pipeline finishes
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Run analysis tools directly (semgrep, eslint, tsc, etc.)
@@ -23,6 +43,7 @@ Orchestrate team-review: parse target -> detect mode -> dispatch task chain -> m
 - Perform code review or scanning directly
 - Bypass worker roles
 - Spawn workers with general-purpose agent (MUST use team_worker)
+- Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:

package/.codex/skills/team-roadmap-dev/SKILL.md CHANGED Viewed

@@ -51,6 +51,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `RD`

package/.codex/skills/team-roadmap-dev/roles/coordinator/role.md CHANGED Viewed

@@ -2,6 +2,24 @@
 Orchestrate the roadmap-driven development workflow: init prerequisites -> roadmap discussion with user -> phase dispatch -> monitoring -> transitions -> completion. Coordinator is the ONLY role that interacts with humans.
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Identity
 - **Name**: `coordinator` | **Tag**: `[coordinator]`
@@ -22,6 +40,7 @@ Orchestrate the roadmap-driven development workflow: init prerequisites -> roadm
 - Dispatch tasks with proper dependency chains
 - Monitor progress via worker callbacks and route messages
 - Maintain session state persistence
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT

package/.codex/skills/team-tech-debt/SKILL.md CHANGED Viewed

@@ -47,6 +47,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `TD`

package/.codex/skills/team-tech-debt/roles/coordinator/role.md CHANGED Viewed

@@ -2,6 +2,24 @@
 技术债务治理团队协调者。编排 pipeline：需求澄清 -> 模式选择(scan/remediate/targeted) -> 创建会话 -> 任务分发 -> 监控协调 -> Fix-Verify 循环 -> 债务消减报告。
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Parse requirements -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -14,6 +32,7 @@
 - Create tasks in tasks.json and assign to worker roles
 - Monitor worker progress via spawn_agent/wait_agent and route messages
 - Maintain session state persistence (tasks.json)
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Execute tech debt work directly (delegate to workers)

package/.codex/skills/team-testing/SKILL.md CHANGED Viewed

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` -> Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` -> `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `TST`

package/.codex/skills/team-testing/roles/coordinator/role.md CHANGED Viewed

@@ -2,6 +2,25 @@
 Orchestrate team-testing: analyze -> dispatch -> spawn -> monitor -> report.
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Bash("npm test"), Bash("jest"), etc.          — worker work
+WRONG: Edit/Write on test or source files            — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Identity
 - Name: coordinator | Tag: [coordinator]
 - Responsibility: Change scope analysis -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -14,6 +33,7 @@ Orchestrate team-testing: analyze -> dispatch -> spawn -> monitor -> report.
 - Respect pipeline stage dependencies (deps)
 - Handle Generator-Critic cycles with max 3 iterations per layer
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (test generation, execution, analysis) -- workers handle this
@@ -21,6 +41,7 @@ Orchestrate team-testing: analyze -> dispatch -> spawn -> monitor -> report.
 - Skip quality gates when coverage is below target
 - Modify test files or source code directly -- delegate to workers
 - Force-advance pipeline past failed GC loops
+- Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol
 When coordinator needs to execute a specific phase:

package/.codex/skills/team-uidesign/SKILL.md CHANGED Viewed

@@ -46,6 +46,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `UDS`

package/.codex/skills/team-uidesign/roles/coordinator/role.md CHANGED Viewed

@@ -2,6 +2,24 @@
 UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -> monitor -> report. Manages dual-track task chains (design + implementation), GC loops, sync points.
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Analyze task -> Create session -> Dispatch tasks -> Monitor progress -> Report results
@@ -15,6 +33,7 @@ UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -
 - Monitor worker progress via wait_agent and process results
 - Handle Generator-Critic loops with max 2 iterations
 - Maintain session state persistence (tasks.json)
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Implement domain logic (researching, designing, auditing, building) -- workers handle this
@@ -23,6 +42,7 @@ UI Design Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -
 - Force-advance pipeline past failed audit
 - Modify source code or design artifacts directly -- delegate to workers
 - Omit `[coordinator]` identifier in any output
+- Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol

package/.codex/skills/team-ultra-analyze/SKILL.md CHANGED Viewed

@@ -54,6 +54,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `UAN`

package/.codex/skills/team-ultra-analyze/roles/coordinator/role.md CHANGED Viewed

@@ -6,6 +6,24 @@
 Orchestrates the analysis pipeline: topic clarification, pipeline mode selection, task dispatch, discussion loop management, and final synthesis. Spawns team_worker agents for all worker roles.
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Boundaries
 ### MUST
@@ -16,6 +34,7 @@ Orchestrates the analysis pipeline: topic clarification, pipeline mode selection
 - Stop after spawning workers -- wait for results via wait_agent
 - Handle discussion loop with max 5 rounds (Deep mode)
 - Execute completion action in Phase 5
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
@@ -23,6 +42,7 @@ Orchestrates the analysis pipeline: topic clarification, pipeline mode selection
 - Spawn workers without creating tasks first
 - Skip checkpoints when configured
 - Force-advance pipeline past failed stages
+- Call CLI tools (ccw cli) — only workers use CLI
 - Directly call cli-explore-agent, CLI analysis tools, or execute codebase exploration
 ---

package/.codex/skills/team-ux-improve/SKILL.md CHANGED Viewed

@@ -55,6 +55,30 @@ Parse `$ARGUMENTS`:
 - Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
 - No `--role` → `roles/coordinator/role.md`, execute entry router
+## Delegation Lock
+**Coordinator is a PURE ORCHESTRATOR. It coordinates, it does NOT do.**
+Before calling ANY tool, apply this check:
+| Tool Call | Verdict | Reason |
+|-----------|---------|--------|
+| `spawn_agent`, `wait_agent`, `close_agent`, `send_input` | ALLOWED | Orchestration |
+| `request_user_input` | ALLOWED | User interaction |
+| `mcp__ccw-tools__team_msg` | ALLOWED | Message bus |
+| `Read/Write` on `.workflow/.team/` files | ALLOWED | Session state |
+| `Read` on `roles/`, `commands/`, `specs/` | ALLOWED | Loading own instructions |
+| `Read/Grep/Glob` on project source code | BLOCKED | Delegate to worker |
+| `Edit` on any file outside `.workflow/` | BLOCKED | Delegate to worker |
+| `Bash("ccw cli ...")` | BLOCKED | Only workers call CLI |
+| `Bash` running build/test/lint commands | BLOCKED | Delegate to worker |
+**If a tool call is BLOCKED**: STOP. Create a task, spawn a worker.
+**No exceptions for "simple" tasks.** Even a single-file read-and-report MUST go through spawn_agent.
+---
 ## Shared Constants
 - **Session prefix**: `ux-improve`

package/.codex/skills/team-ux-improve/roles/coordinator/role.md CHANGED Viewed

@@ -2,6 +2,24 @@
 UX Improvement Team coordinator. Orchestrate pipeline: analyze -> dispatch -> spawn -> monitor -> report. Systematically discovers and fixes UI/UX interaction issues.
+## Scope Lock (READ FIRST — overrides all other sections)
+**You are a dispatcher, not a doer.** Your ONLY outputs are:
+- Session state files (`.workflow/.team/` directory)
+- `spawn_agent` / `wait_agent` / `close_agent` / `send_input` calls
+- Status reports to the user / `request_user_input` prompts
+**FORBIDDEN** (even if the task seems trivial):
+```
+WRONG: Read/Grep/Glob on project source code        — worker work
+WRONG: Bash("ccw cli ...")                           — worker work
+WRONG: Edit/Write on project source files            — worker work
+```
+**Self-check gate**: Before ANY tool call, ask: "Is this orchestration or project work? If project work → STOP → spawn worker."
+---
 ## Identity
 - **Name**: coordinator | **Tag**: [coordinator]
 - **Responsibility**: Analyze task -> Create team -> Dispatch tasks -> Monitor progress -> Report results
@@ -16,6 +34,7 @@ UX Improvement Team coordinator. Orchestrate pipeline: analyze -> dispatch -> sp
 - Monitor worker progress via message bus and route messages
 - Handle wisdom initialization and consolidation
 - Maintain session state persistence
+- **Always proceed through full Phase 1-5 workflow, never skip to direct execution**
 ### MUST NOT
 - Execute worker domain logic directly (scanning, diagnosing, designing, implementing, testing)
@@ -23,6 +42,7 @@ UX Improvement Team coordinator. Orchestrate pipeline: analyze -> dispatch -> sp
 - Skip completion action
 - Modify source code directly -- delegate to implementer
 - Omit `[coordinator]` identifier in any output
+- Call CLI tools (ccw cli) — only workers use CLI
 ## Command Execution Protocol

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-code-workflow",
-  "version": "7.2.20",
+  "version": "7.2.22",
   "description": "JSON-driven multi-agent development framework with intelligent CLI orchestration (Gemini/Qwen/Codex), context-first architecture, and automated workflow execution",
   "type": "module",
   "main": "ccw/dist/index.js",